Strong
Areas where I’m confident delivering outcomes.
Information Security; Security Leadership; Org-wide ownership (IT + Cloud + Security + Product + Engineering); Budget ownership ($1M+/yr CAPEX/OPEX); Vendor management & contract negotiation (100+ vendors); Cloud Security; AWS (EKS, EC2, S3, IAM, ALB/ELB, API Gateway, SSO, ECR, Security Hub); Terraform; AWS Control Tower; AWS Well-Architected Framework; DevSecOps; CI/CD (GitHub Actions, Xcode Cloud, self-hosted runners); CI pipeline authoring & platform engineering; GitHub Advanced Security (GHAS); Kubernetes; ArgoCD (GitOps); Container Security (ECR/images); Docker; Identity & Access Management (Okta, SSO, CASB); Identity migrations (Okta → Rippling); Encryption & Encryption SDK development (Go); GRC (ISO 27001, ISO 27701, SOC 2 Type 1 & 2, PCI/DSS); Compliance Automation (Drata); Compliance program ownership (Series A → Series B); SOC 2 engineering controls enforcement; Application Security; Supply Chain Security; Incident Response & Investigation; WAF / IDS / IPS; SASE / ZTNA; Cloudflare (security gateway, Workers, edge compute, WAF, API protection); Linux (RedHat, Ubuntu, Fedora, SUSE); Bug bounty program ownership (HackerOne); Penetration testing; Observability strategy & rollout (Datadog); Cloud security posture management (Wiz — 0 Critical Club); Scaling infra from 0 → 250k+ paying users; Go (Golang); Swift / SwiftUI (macOS + iOS native app development); Python; Kotlin (Android native development, Jetpack Compose); AI-native application architecture (agent loops, tool-use systems, streaming inference); LLM application development (Claude, GPT, multi-model routing via OpenRouter); Prompt engineering & system prompt architecture; Agent loop design with tool orchestration (50+ tools across platforms); Knowledge graph memory systems (entity extraction, wiki-linking, FTS5, pgvector); Context window management & compaction strategies; AI safety & prompt injection defense (content sanitization, boundary tagging); Android development (Kotlin, Jetpack Compose, Hilt DI, Room DB, Material 3); iOS development (Swift 6, SwiftUI, SwiftData, strict concurrency); Cross-platform feature parity management (Android + iOS); Full-stack mobile product architecture (dual-platform); Supabase (Auth, Edge Functions, Realtime, Row-Level Security); PostgreSQL (pgvector, scheduled agents, credit ledger, migration management); MCP (Model Context Protocol) server development; In-app purchase architecture (Google Play Billing, Adapty SDK, Stripe); Credit-based monetization systems; Go-to-market strategy for consumer AI products; Unit economics modeling for AI/LLM inference costs; Product management & backlog prioritization; IT Operations (ITIL, JIRA Service Management); Agentic & AI tooling (Claude, Cursor, Gemini — increased org output by 25%); Networking fundamentals (TCP/IP, DHCP, VPN, NSX); VMware vSphere / NSX / vCloud Director; Hybrid cloud architecture (VMware + AWS); Post-Quantum Cryptography (Kyber768, Dilithium 2); Cryptographic Agility; Self-replicating systems (security research); Patent development (15+ patents, 13+ granted — cryptographic agility, PQC, distributed systems); C-level executive engagement; Presenting to VCs; Public speaking / conference presentations; Agile / Scrum; Team leadership (up to 10 engineers/direct reports); Bilingual English/Japanese (business/professional level); HRIS / IT platform migrations (Okta → Rippling); Rippling (HRIS + IT platform)
Moderate
I’ve shipped here, but I’m not pretending it’s my core identity.
TypeScript / Deno (edge functions); Python backend (asyncio, asyncpg, Starlette, APScheduler); Edge function development (Deno/TypeScript); Background processing (Android WorkManager, iOS BGProcessingTask/BGAppRefreshTask); Push notifications & proactive engagement systems; OAuth/authentication flows (Google Sign-In, Supabase Auth, ASWebAuthenticationSession); RAG patterns (memory search, FTS5 indexing, pgvector embeddings); Frustration detection & sentiment analysis in AI interactions; Conversational UI design for AI assistants; Onboarding flow design (progressive disclosure, personality customization); Analytics pipeline architecture (event tracking, funnel state machines); Churn prediction via frustration signal correlation; A/B testing paywalls and pricing strategies; Webhook-driven purchase verification pipelines; App signing & store deployment automation (AAB → Play Console); Node.js; Microservices architecture; Distributed systems architecture; Offensive security tooling (CVE exploitation, network scanning, brute-forcing); Big data correlation & API integration; Security tooling (Wiz, AWS Security Hub, Mayhem, GHS); GitLab; Google Cloud; Internal IT program buildout (tickets, onboarding, asset lifecycle); People management (director + security engineer); SaltStack (configuration management); ELK stack (centralized log analysis); Blockchain / Cardano (stake pool operation, Terraform deployment, FIPS 140-2 cold storage); Data center design & operations (15 MW scale, custom shipping container infrastructure); Cryptocurrency mining (PoW hardware, AI trading bots); EDI integration; VMware View (Horizon); Healthcare IT solutions engineering; AI/ML model implementation (security AI for spam/phishing detection)
Familiar
Useful supporting skills I can lean on as needed.
Java; Perl; C/C++ (embedded firmware, printer firmware debugging); Visual Basic; PHP; XML; SQL / MySQL; Open source tooling; OpenStack; Bash / Shell scripting; Hyper-V; KVM; Xen; HP BladeSystem / InfiniBand (QDR/DDR); SAN / iSCSI / NetApp storage / HP Storage (MSA, EVA); NetSuite ERP; ThreadX RTOS (embedded OS profiling); BitBucket; HP-UX (UNIX); Windows Server / Active Directory; Microsoft Azure; Fastlane-adjacent automation; Dark mode / high contrast accessibility; Material 3 & iOS Human Interface Guidelines
Gaps
Areas where I have less depth today (and won’t waste your time).
ML model training / research (beyond applied/security use-cases); Marketing (growth, demand gen, brand); Legal (contracts, corporate law); Finance (accounting, FP&A)